Patch Tuesday could address XML zero-day flaw

Microsoft will issue nine security bulletins as part of its Patch Tuesday update on July 10, including a fix that could be for a vulnerability in XML Core Services that is being actively exploited.

In its advanced notifications for the release, Microsoft lists the nine bulletins along with their severity -- three are critical and six are listed as important -- and what software is affected, but doesn’t go into much more detail. All three of the critical fixes involve remote code execution.

The vulnerability in XML Core Services affects all supported versions of Windows and allows remote code execution. It has been identified as being exploited in attacks in Europe in June and in recent attacks using the Sykipot Trojan targeting the aerospace industry.

Microsoft issued a warning about the vulnerability on June 12 and directed users to a Fix-it workaround, but has not yet issued an automated patch.

The XML vulnerability has been tied to state-sponsored attacks that Google warned its users about in early June. And Alienvault Labs, which identified the recent Sykipot attacks, said there was evidence, though no proof, that those attacks are coming from China.

Microsoft will release more information on this month’s patches on July 10.

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.